Sourcefire VRT Update

Date: 2006-02-15

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid - Message (rule group)

New rules:
5692 - P2P Skype client successful install (p2p.rules)
5693 - P2P Skype client start up get latest version attempt (p2p.rules)
5694 - P2P Skype client setup get newest version attempt (p2p.rules)
5695 - WEB-IIS web agent redirect overflow attempt (web-iis.rules)
5696 - IMAP delete directory traversal attempt (imap.rules)
5697 - IMAP examine directory traversal attempt (imap.rules)
5698 - IMAP list directory traversal attempt (imap.rules)
5699 - IMAP lsub directory traversal attempt (imap.rules)
5700 - IMAP rename directory traversal attempt (imap.rules)
5701 - IMAP status directory traversal attempt (imap.rules)
5702 - IMAP subscribe directory traversal attempt (imap.rules)
5703 - IMAP unsubscribe directory traversal attempt (imap.rules)
5704 - IMAP SELECT overflow attempt (imap.rules)
5705 - IMAP CAPABILITY overflow attempt (imap.rules)
5706 - POLICY Namazu incoming namazu.cgi access (policy.rules)
5707 - POLICY Namazu outbound namazu.cgi access (policy.rules)
5709 - WEB-PHP file upload directory traversal (web-php.rules)
5710 - WEB-CLIENT Windows Media Player Plugin For Non-IE Browsers Buffer Overflow (web-client.rules)
5711 - WEB-CLIENT Windows Media Player zero length bitmap heap overflow attempt (web-client.rules)

Updated rules:
1021 - WEB-IIS ism.dll attempt (web-iis.rules)
1079 - WEB-MISC WebDAV propfind access (web-misc.rules)
1425 - WEB-PHP content-disposition file upload attempt (web-php.rules)
1861 - WEB-MISC Linksys router default username and password login attempt (web-misc.rules)
2259 - SMTP EXPN overflow attempt (smtp.rules)
2260 - SMTP VRFY overflow attempt (smtp.rules)
2486 - DOS ISAKMP invalid identification payload attempt (dos.rules)
2522 - WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
3549 - WEB-CLIENT HTML DOM invalid element creation attempt (web-client.rules)
3653 - SMTP SAML overflow attempt (smtp.rules)
3654 - SMTP SOML overflow attempt (smtp.rules)
3655 - SMTP SEND overflow attempt (smtp.rules)
3656 - SMTP MAIL overflow attempt (smtp.rules)
3824 - SMTP AUTH user overflow attempt (smtp.rules)
4060 - POLICY RDP attempted Administrator connection request (policy.rules)